[Secure-testing-commits] r51625 - data/CVE

security tracker role sectracker at moszumanska.debian.org
Sun May 14 21:10:11 UTC 2017 

Author: sectracker
Date: 2017-05-14 21:10:11 +0000 (Sun, 14 May 2017)
New Revision: 51625

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2017-05-14 20:53:19 UTC (rev 51624)
+++ data/CVE/list	2017-05-14 21:10:11 UTC (rev 51625)
@@ -9493,7 +9493,7 @@
 	NOTE: http://www.openwall.com/lists/oss-security/2017/01/30/4
 	NOTE: This CVE exists because of an incomplete fix for CVE-2016-10189
 CVE-2016-10189 (BitlBee before 3.5 allows remote attackers to cause a denial of ...)
-	{DLA-832-1}
+	{DSA-3853-1 DLA-832-1}
 	- bitlbee 3.5-1
 	NOTE: https://bugs.bitlbee.org/ticket/1282
 	NOTE: Fixed by: https://github.com/bitlbee/bitlbee/commit/701ab8129ba9ea64f569daedca9a8603abad740f (3.5)
@@ -9502,7 +9502,7 @@
 	NOTE: https://github.com/bitlbee/bitlbee/commit/30d598ce7cd3f136ee9d7097f39fa9818a272441
 	NOTE: to not open CVE-2017-5668
 CVE-2016-10188 (Use-after-free vulnerability in bitlbee-libpurple before 3.5 allows ...)
-	{DLA-832-1}
+	{DSA-3853-1 DLA-832-1}
 	- bitlbee 3.5-1
 	NOTE: https://bugs.bitlbee.org/ticket/1281
 	NOTE: Fixed by: https://github.com/bitlbee/bitlbee/commit/ea902752503fc5b356d6513911081ec932d804f2 (3.5)
@@ -16716,6 +16716,7 @@
 	- bind9 <not-affected> (RHEL6 specific)
 CVE-2017-3138 [named exits with a REQUIRE assertion failure if it receives a null command string on its control channel]
 	RESERVED
+	{DSA-3854-1}
 	- bind9 1:9.10.3.dfsg.P4-12.3 (bug #860226)
 	NOTE: https://kb.isc.org/article/AA-01471
 	NOTE: Fixed by (9.10.x): https://source.isc.org/cgi-bin/gitweb.cgi?p=bind9.git;a=commitdiff;h=a636604b20cc0aaabc8edbb7595f7c1c820b7610
@@ -16726,6 +16727,7 @@
 	NOTE: The CVE-2017-3138 is barely an issue in practice anyway.
 CVE-2017-3137 [A response packet can cause a resolver to terminate when processing an answer containing a CNAME or DNAME]
 	RESERVED
+	{DSA-3854-1}
 	- bind9 1:9.10.3.dfsg.P4-12.3 (bug #860225)
 	NOTE: https://kb.isc.org/article/AA-01466
 	NOTE: Additional information for backporting patch: http://www.openwall.com/lists/oss-security/2017/04/17/5
@@ -16734,6 +16736,7 @@
 	NOTE: Fixed by (9.10.x): https://source.isc.org/cgi-bin/gitweb.cgi?p=bind9.git;a=commitdiff;h=7ab9e8e00775782d474522a5b2bffba8daefefa5 (regression fix)
 CVE-2017-3136 [An error handling synthesized records could cause an assertion failure when using DNS64 with "break-dnssec yes;"]
 	RESERVED
+	{DSA-3854-1}
 	- bind9 1:9.10.3.dfsg.P4-12.3 (bug #860224)
 	NOTE: https://kb.isc.org/article/AA-01465
 	NOTE: Fixed by (9.10.x): https://source.isc.org/cgi-bin/gitweb.cgi?p=bind9.git;a=commitdiff;h=764240ca07ab1b796226d5402ccd9fbfa77ec32a

More information about the Secure-testing-commits mailing list